Security Incidents mailing list archives
CGI Raping a.k.a How to Target a DoS at a single Site.
From: webmaster () TLSECURITY NET (Thierry Zoller)
Date: Wed, 17 May 2000 07:59:26 -0000
Here's what happened: nph-anon.cgi was installed to allow surfers to surf "anonymously". Now somebody launched an attack based on multiple calls to nph-anon.cgi. These calls prompted it to download a JPG picture. There have been made over 100.000 calls (from one IP) to that cgi script. Being an nph script, on every (!) call it created a socket to connect to the server holding a picture.

Result:
- Eat up 99% of system resources (VHost)
- My ISP blocked my account (forbidden 403).
- My ISP accuses me of connecting to the server.
- My ISP does NOT believe me that somebody made thousands of connections to that script (they pointed out nph-anon.cgi being the script eating up the resources), although the LOG CLEARLY indicates that there have been remote calls to that script.
- My ISP attacks myself (!) by saying:

<<< This attack, if it truly is that, is the first in the history of our company. We have never had a DoS attack that was specifically targetted at a domain on our servers. We must ask what you are doing then to create this attack and we must also ask ourselves, given the previous incident with your previous domain, if hosting you is something that is still an option. >>>

Note that I HAD NEVER any problems with them, never did something wrong, and in fact I helped them by sending the latest patches to flaws found to exist in their servers. So now I am the culprit, right? (I won't disclose the host here; either way I must admit that I feel quite furious about them.)

[ Help ]
- Could anybody point me to some FAQ or help text which explains how to limit excessive calls to CGI scripts?
- Are there any known server side programs that do exist to protect from such happenings?
- Please comment on the "We have never had a DoS attack.." statement.

Regards,
Thierry Zoller
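As an added example (not from the original post or from the list), here is a small Python script that does the first thing the poster asks for on the defender's side: it reads Apache-style access log lines, counts calls to one CGI path per client IP inside a sliding time window, and reports the IPs that exceed a threshold. The log lines, IP addresses, script path and the limit of 30 calls per minute are all constructed for this example; the real log format and a sensible limit depend on the server.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache Common Log Format line, e.g.
# 203.0.113.7 - - [17/May/2000:07:59:26 +0000] "GET /cgi-bin/nph-anon.cgi?url=... HTTP/1.0" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, script path without query string), or None for unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    script = m.group("path").split("?", 1)[0]
    return m.group("ip"), ts, script


class SlidingWindowLimiter:
    """Per-key sliding-window counter: allow at most `limit` events within any `window`."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self.events = defaultdict(deque)  # key -> timestamps of recent allowed events

    def hit(self, key, when):
        """Record an event for `key` at time `when`; return True if it is within the limit."""
        q = self.events[key]
        while q and when - q[0] > self.window:  # drop events that fell out of the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(when)
        return True


def find_abusers(lines, script, limit=30, window=timedelta(seconds=60)):
    """Map each IP that exceeded the limit for `script` to (total calls, calls over the limit)."""
    records = [r for r in map(parse_line, lines) if r is not None and r[2] == script]
    records.sort(key=lambda r: r[1])  # the window logic needs chronological order
    limiter = SlidingWindowLimiter(limit, window)
    total, denied = defaultdict(int), defaultdict(int)
    for ip, ts, _ in records:
        total[ip] += 1
        if not limiter.hit(ip, ts):
            denied[ip] += 1
    return {ip: (total[ip], denied[ip]) for ip in total if denied[ip]}


def make_sample_log():
    """Constructed sample: one IP hammering the script, one normal user, one junk line."""
    base = datetime(2000, 5, 17, 7, 59, 26, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.0" 200 512'
    script = "/cgi-bin/nph-anon.cgi?url=http://pictures.example.net/pic.jpg"
    lines = ["garbage line that does not parse"]
    for i in range(50):  # 50 calls from one address inside ~17 seconds
        ts = (base + timedelta(seconds=i // 3)).strftime(TS_FMT)
        lines.append(fmt.format(ip="203.0.113.7", ts=ts, path=script))
    for i in range(5):  # 5 calls spread over 40 seconds from a normal visitor
        ts = (base + timedelta(seconds=10 * i)).strftime(TS_FMT)
        lines.append(fmt.format(ip="198.51.100.9", ts=ts, path=script))
    lines.append(fmt.format(ip="203.0.113.7", ts=base.strftime(TS_FMT), path="/index.html"))
    return lines


SAMPLE_LOG = make_sample_log()

if __name__ == "__main__":
    for ip, (calls, over) in find_abusers(SAMPLE_LOG, "/cgi-bin/nph-anon.cgi").items():
        print(f"{ip}: {calls} calls to the script, {over} over the limit")
```

Run over a real access log, `find_abusers` gives the kind of per-IP evidence the poster says his logs already contained. The same `SlidingWindowLimiter` logic can also gate the script itself, with one caveat that matters for CGI: every request is a fresh process, so the per-IP state has to live somewhere shared (a small database or lock-protected file) rather than in memory, or the limit has to be enforced in front of the script by the web server or a firewall.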